From owner-svn-ports-all@FreeBSD.ORG Mon Jun 3 06:51:44 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 6FFC4D9D; Mon, 3 Jun 2013 06:51:44 +0000 (UTC) (envelope-from araujo@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 5102E1A6B; Mon, 3 Jun 2013 06:51:44 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r536pi21057960; Mon, 3 Jun 2013 06:51:44 GMT (envelope-from araujo@svn.freebsd.org) Received: (from araujo@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r536phoK057957; Mon, 3 Jun 2013 06:51:43 GMT (envelope-from araujo@svn.freebsd.org) Message-Id: <201306030651.r536phoK057957@svn.freebsd.org> From: Marcelo Araujo Date: Mon, 3 Jun 2013 06:51:43 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r319757 - in head: security/vuxml www/mod_security X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jun 2013 06:51:44 -0000 Author: araujo Date: Mon Jun 3 06:51:43 2013 New Revision: 319757 URL: http://svnweb.freebsd.org/changeset/ports/319757 Log: - Update to 2.7.4. More info: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES PR: ports/179167 Submitted by: ohauer@ Security: 9dfb63b8-8f36-11e2-b34d-000c2957946c Modified: head/security/vuxml/vuln.xml head/www/mod_security/Makefile head/www/mod_security/distinfo Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Jun 3 06:47:55 2013 (r319756) +++ head/security/vuxml/vuln.xml Mon Jun 3 06:51:43 2013 (r319757) @@ -51,6 +51,35 @@ Note: Please add new entries to the beg --> + + www/mod_security -- NULL pointer dereference DoS + + + mod_security + 2.7.3 + + + + +

SecurityFocus reports:

+
When ModSecurity receives a request body with a size bigger than the + value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" + that has no request body processor mapped to it, ModSecurity will + systematically crash on every call to "forceRequestBodyVariable".
+

+ + + + CVE-2013-2765 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2765 + + + 2013-05-27 + 2013-06-03 + + + passenger -- security vulnerability Modified: head/www/mod_security/Makefile ============================================================================== --- head/www/mod_security/Makefile Mon Jun 3 06:47:55 2013 (r319756) +++ head/www/mod_security/Makefile Mon Jun 3 06:51:43 2013 (r319757) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= mod_security -PORTVERSION= 2.7.3 +PORTVERSION= 2.7.4 CATEGORIES= www security MASTER_SITES= http://www.modsecurity.org/tarball/${PORTVERSION}/ PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX} Modified: head/www/mod_security/distinfo ============================================================================== --- head/www/mod_security/distinfo Mon Jun 3 06:47:55 2013 (r319756) +++ head/www/mod_security/distinfo Mon Jun 3 06:51:43 2013 (r319757) @@ -1,2 +1,2 @@ -SHA256 (modsecurity-apache_2.7.3.tar.gz) = fa5b0a2fabe9cd6c7b35ae09a433a60da183b2cabcf26479ec40fc4a419693e4 -SIZE (modsecurity-apache_2.7.3.tar.gz) = 981947 +SHA256 (modsecurity-apache_2.7.4.tar.gz) = 605d6f1b03e648001ef1c7db7b18d51c01edd443b57cbbd4e298770ffdcd0eb9 +SIZE (modsecurity-apache_2.7.4.tar.gz) = 1014983